hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 09:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
John L. Singleton
0d3f53b013 Changes to structure per feedback of @jbj 2021-06-10 11:16:58 -04:00
Alex Ford
f74dff560b Merge pull request #187 from github/hardcoded-credentials 
Add rb/hardcoded-credentials query
 2021-06-10 16:12:32 +01:00
Taus
e7b9603c5b Merge pull request #6053 from RasmusWL/fix-tests 
Python: Fix tests
 2021-06-10 16:55:45 +02:00
Alex Ford
8839d4c584 limit additional flow steps in rb/hardcoded-credentials to string concatenation 2021-06-10 14:59:28 +01:00
Rasmus Wriedt Larsen
dd457f9641 Python: Fix tests 2021-06-10 15:58:56 +02:00
Alex Ford
fe45dadd55 set precision to high for rb/hardcoded-credentials 2021-06-10 14:52:26 +01:00
John L. Singleton
f174d7a0e0 Comment changes 2021-06-10 09:52:22 -04:00
John L. Singleton
14c419a75f autoformatting 2021-06-10 09:39:43 -04:00
CodeQL CI
a241c114da Merge pull request #5836 from RasmusWL/ec-class-improvement 
Approved by tausbn
 2021-06-10 06:20:56 -07:00
Rasmus Wriedt Larsen
04db33513e Merge branch 'main' into sensitive-improvements 2021-06-10 15:11:09 +02:00
Rasmus Wriedt Larsen
ea0c1d7db3 Python: Better handling of sensitive functions 
This solution was the best I could come up with, but it _is_ a bit
brittle since you need to remember to add this additional taint step
to any configuration that relies on sensitive data sources... I don't
see an easy way around this though :|
 2021-06-10 15:08:21 +02:00
Tamas Vajk
916780a452 Fix codeql CLI path 2021-06-10 15:07:54 +02:00
Rasmus Wriedt Larsen
f167143a84 Python: Use real config in TestSensitiveDataSources 
This will enable better tests in just one second
 2021-06-10 15:01:31 +02:00
Rasmus Wriedt Larsen
c341643ec1 Python: Add more tests for sensitive function handling 2021-06-10 14:36:05 +02:00
Owen Mansel-Chan
e0130a932e Update experimental query using NewCookie 2021-06-10 13:33:20 +01:00
Owen Mansel-Chan
c173b89529 Model NewCookie 2021-06-10 13:32:39 +01:00
Owen Mansel-Chan
ee6019a2d8 Fix tests for experimental httponly query 2021-06-10 13:31:28 +01:00
Rasmus Wriedt Larsen
eb4f168dd4 Python: Clarify SensitiveAttributeAccess 
The comment about imports was placed wrong. I also realized we didn't
even have a single test-case for
`this.(DataFlow::AttrRead).getAttributeNameExpr() = sensitiveLookupStringConst(classification)`
so I added that (notice that this is only `getattr(foo, x)` and not
`getattr(foo, "password")`)
 2021-06-10 14:09:47 +02:00
Owen Mansel-Chan
d5d27d5ccf Duplicate tests for Jakarta 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
0ad35421f2 Comment out stubs (Jakarta) 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
318d1ea484 Stubs in javax-ws-rs-api-3.0.0 
Generated using java-autostub
 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
e6a6a8898b Move Jax XSS sinks to JaxWS.qll and add tests 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
d1fe62d4d5 (Minor) Update comments to match ExternalFlow docs 2021-06-10 10:43:38 +01:00
Owen Mansel-Chan
1ae9d68409 Move and convert URL redirect sinks 
Adds for them as well
 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
f2ff2aa3e1 Add flow tests for JAX-RS 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
155d63d5f7 Add tests for JAX-RS 2021-06-10 10:43:36 +01:00
Owen Mansel-Chan
f63fd68bfb Fix models to work with collection flow 
And also removal of `Argument` with indices
 2021-06-10 10:43:36 +01:00
Owen Mansel-Chan
e929de98ec Delete duplicated taint summary rows 2021-06-10 10:43:35 +01:00
Owen Mansel-Chan
2b8bb5c231 Fix JAX-RS models 2021-06-10 10:43:35 +01:00
Owen Mansel-Chan
baa21c5bcf Manually comment out parts of stubs 
This is to avoid having to make more stubs, which we don't really need
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
caf96b01e1 Stubs in javax-ws-rs-api-2.1.1 
Generated using java-autostub
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
7b3acd8b45 (Minor) Add missing this. 2021-06-10 10:43:33 +01:00
Owen Mansel-Chan
07f7fd0342 Add missing QLDocs in JaxWS.qll 
And correct one QLDoc
 2021-06-10 10:43:15 +01:00
Tamas Vajk
b067309909 Change artifact names 2021-06-10 11:26:07 +02:00
yoff
716627c1dd Merge pull request #5878 from RasmusWL/fix-concept-tests-pretty-print 
Python: Fix concept tests pretty print
 2021-06-10 11:21:08 +02:00
Tamas Vajk
73aaeb4c0d Change workflow names 2021-06-10 11:01:45 +02:00
Tamas Vajk
55dd6ed3d1 Allow space separated package patterns in framework-aggregated reports 2021-06-10 10:54:12 +02:00
Tamas Vajk
74c00383d2 Update java framework coverage reports 2021-06-10 10:26:34 +02:00
Tamas Vajk
3605b9f720 Update java framework data 2021-06-10 10:11:24 +02:00
Tamas Vajk
ba9c2e0702 Rework CSV report generator and change timeseries report to use framework.csv 2021-06-10 10:11:24 +02:00
Tamas Vajk
c6cb7c6eed Rename time-series file to timeseries 2021-06-10 10:11:24 +02:00
Tamas Vajk
d0ec1e2f37 Generate file with package info 2021-06-10 10:11:24 +02:00
Tamas Vajk
3353c3ecdd Add workflow to generate timeseries CSV coverage report 2021-06-10 10:11:24 +02:00
Tamas Vajk
4de4277a8d Add timeseries CSV generator script 2021-06-10 10:11:23 +02:00
Tamas Vajk
270cf62f08 Fix variable reference 2021-06-10 10:11:23 +02:00
Tamas Vajk
49190615a7 Cleanup CSV coverage report generator 2021-06-10 10:11:23 +02:00
John L. Singleton
01cac13a48 format ql test files. 2021-06-09 17:16:26 -04:00
John L. Singleton
b91a0dbe16 removed accidental modification. 2021-06-09 17:12:59 -04:00
John L. Singleton
1fe3c9d093 removed accidental modification. 2021-06-09 17:11:39 -04:00
John L. Singleton
28e2cdb54e adding standard C/C++ fixed width, minimum width, and maximum width types 2021-06-09 16:12:58 -04:00